
Overview

In this lesson, we will discuss compliance as a topic and go over some examples of regulations, laws, and standards that many organizations need to comply with. We will also discuss a few roles and certifications associated with the field of compliance, as this is an area of cybersecurity that you don't hear much about.

Compliance can be a fairly involved concept. On the surface, it is just about an organization's adherence to the various laws, standards, regulations, and policies it is required to follow. On the other hand, it also invokes the ideas of being transparent about whether you follow these things, as well as proving that you follow these things.

In the field of GRC, compliance is where the rubber meets the road: organizations can claim they behave appropriately, and they can claim they manage risk, but compliance is where they prove that they do these things.


Key Laws and Standards

As a cybersecurity professional, you may not need to know every detail about these laws and regulations. However, it is important to be aware of them. Most have to do with privacy and security of information, essentially how we handle data.

You may recall that we previously discussed how we handle data and keep it secure. We also said that we want clients and partners to know that we take care to keep data secure in the way that we store it, transmit it, and even how we destroy it. We also talked about how we may have to follow certain rules around how long we keep data. These laws, regulations, and standards dictate a lot of the rules we must abide by, and cybersecurity is a big part of making that happen. We've mentioned some of these before, so this is also a bit of a review.

  • Family Educational Rights and Privacy Act (FERPA) - This act regulates the handling and privacy of student education records.
  • General Data Protection Regulation (GDPR) - This regulation governs data protection and privacy for people in the European Union (EU). Importantly, it applies to any company that handles the protected data of people who are in the EU, even if the company itself is not located in the EU.
  • Gramm-Leach-Bliley Act (GLBA) - This act applies to financial institutions and regulates the privacy of customer financial information.
  • Health Insurance Portability and Accountability Act (HIPAA) - This act regulates the handling and privacy of protected health information.
  • ISO/IEC 27001 - This standard specifies how organizations should manage information security.
  • Payment Card Industry Data Security Standard (PCI DSS) - This standard applies to any organization that handles branded credit cards. If you use credit cards, you benefit from the protection this standard provides to ensure your cardholder data is securely processed, stored, and transmitted by retailers and other merchants.
  • Sarbanes-Oxley Act (SOX) - This act applies to any publicly traded company and regulates the financial reporting activities of such companies.


In Review

In this lesson, you learned about the compliance part of GRC. At this point, you should now have a basic understanding of several fundamental cybersecurity concepts. If you are completing this course as part of Cybrary's IT and Cybersecurity Foundations Career Path, you will soon have the opportunity to get hands-on with many of these concepts in the upcoming labs. Thanks for playing!
